Munich - In the night of Saturday to Sunday, a special unit of the police raided the home of retired gardener Heinz S. to seize several cloud computers. Heinz S. allegedly participated as a volunteer to hide Piratecloud servers in Germany.
"I just wanted some heat from the thing, I don’t even know what it really is", is the unlikely claim of Heinz S., who turned 76 this year.
On Tuesday, he has to state his case in court, together with 22 other people who surprisingly tell a very similar story.
Reading C&H's site, I think the living room reference in the article is false. The rack is supposed to be in the basement to add heat to your water heating system.
> Security is a concern with these setups, because anyone’s data could be in anyone else’s house at a given time, but Cloud&Heat claims that since all of its data is encrypted and only its employees can open the cabinets that everyone’s information is safe.
Ladies and Gentlemen, I present: Bullshit. I wish companies with no clue about encryption would stop making these insane claims.
There's a lot of data where that kind of security is acceptable, for example all the video content on YouTube. You don't want random people to tamper with it, but it's not high security.
I wouldn't want my bank to store my account data on one of those, but I wouldn't mind if website assets were served from there.
Presumably they detect unauthorized case-intrusion and immediately delete the keys. This isn't foolproof, but it's probably good enough to stop anyone except the people that are going to get the data no matter what you do.
They'd need to immediately shut down their server as well (as in immediately, as in crash), and even that's not necessarily enough to remove data from RAM before attackers can get to it.
The threat scenario is a bit far-fetched. First you'd need to find out where an individual, interesting piece of data is stored. Then you have to break into this building, break open the cabinet and freeze the RAM fast enough to preserve the memory content.
That's obviously something that can be done, but it requires a lot of dedication to pull off, so that's something you'd only do in cases where you know the data is valuable. It's probably easier to just get an inside job done, but you could get that at any other datacenter or even at AWS.
For a lot of data, the payoff is not worth the effort and risk, so I'd be unconcerned. Obviously, don't store bank accounts or medical data there, don't use it for the next NSA datacenter etc.
Yeah, sure. Nobody would ever notice the truck with the coolant tank in front of the building and the frozen pipes running in ;). Here in Berlin they freeze the ground to make excavations in places with high ground water, that looks the same.
To be honest - law enforcement could pull that off. But that's not the threat model that this is supposed to counter.
The very first people to sign up will all be budding security enthusiasts secretly looking forward to their prime time on Chaos Computer Club or BlackHat or whatever where they take apart one of these servers.
Cool, free pentesting. If I'd plan such an offer I'd give away units for free to CCC members that want to penetrate it. Maybe even throw in some money.
> remove data from RAM before attackers can get to it
Seems about the last thing you'd try too. Surely you'd try and catch the data on the wire a long time before you'd even contemplate this sort of scenario. At least then you have the chance to get the whole encrypted file you're after.
If they're simply storing encrypted data then these servers might be unable to decrypt the stored information and reading their contents would be pointless.
If on the other hand these servers decrypt the data then encryption is of limited value.
Care to elaborate about that? I don't see the security concern if the data is encrypted on disk and both ways over the network. I doubt they would just leave the private keys to hang out on the server for anyone to take.
"So, you'd like a CloudenHeatenDevicenGlaven in your haus, ja?"
"Yep."
"That ... does not sound German to me."
"Yeah, well, ... "
"I think you are a spy. Looking to take advantage of our generosity, ja? Und maybe in ze middle of the nacht you installen the spying thing on our box, mit your little NSA spying thing?"
"Haha! Those don't exist. The NSA? That actually stands for No Such Agency, dude. I mean, freund ... fraud ... you know, ich bin ein jelly donut and all that."
I could actually see this working at a larger scale -- e.g. put a server room in the basement of a low-income housing project in a place with cold winters like Chicago or Toronto and heat the building with waste heat during the chilly months. It'd also be worth it at that scale to wire the building for multi-homed fiber.
Can't see it being practical at small house scale, and there are also some big security issues.
They only mention that the company pays for the internet service but I'd assume traffic/speed from a home could also be an issue. I mean the average home network connections aren't exactly amazing so what can be hosted on these servers (I doubt it's cost efficient to provide new infrastructure for every home)?
Isn't residential DSL and cable a shared pipe, thus if they are saturating that 50 Mbit pipe 24/7/365 then your own DSL/cable connection could be considerably worse?
> If the servers do heavy data processing when no one needs the heat, the system stores hot water in a “buffering tank.” And the Cloud&Heat cabinets can also vent outside in the spring and summer.
> I've always found it odd that heat from servers is hot enough to be a problem but not hot enough to be useful.
I've always wondered the same thing about cooling towers in power stations. Why are they cooling the water coming out of the plant? The whole point of the plant is to make it hot and then convert that to electricity - why on earth are they venting the energy like that?
Apparently it's to do with cooling it fast enough to create a vacuum to draw through more water.
> Security is a concern with these setups, because anyone’s data could be in anyone else’s house at a given time, but Cloud&Heat claims that since all of its data is encrypted and only its employees can open the cabinets that everyone’s information is safe.
Unless they've cracked the problem of practical fully homomorphic encryption, that data is still going to be unencrypted at some point in those units and vulnerable if the physical security of the cabinet is compromised.
Rather than cracking the problem of practical fully homomorphic encryption, I think they've probably cracked the problem of deleting the keys when the physical security of the cabinet is compromised.
Unless the cabinet is air tight, and uses a pressure sensor to detect itself being opened. Its "Is the cabinet open?" subroutine can be defeated by simply opening the cabinet where a sensor isn't located.
Basically cut the sucker open on the side.
:.:.:
Also by using a time sharing OS it's likely you can induce a large network based load externally slowing its IO speed to the level you can open the cabinet, and "close" the cabinet from the sensor's perspective while leaving it opened.
:.:.:
Furthermore, data loss doesn't occur on door opening, thus the keys are still recoverable, because without it would be impossible to service.
A possible approach would be: keep the data encrypted, just decrypt it at the endpoint. Tarsnap for example does that. Or keep the keys on servers that are acting as proxies and decrypt the data. Or actually lose all data on door opening. Just drop it and use a replication like Backblaze and S3 use. A hard drive lost? Allocate a shard somewhere else. A unit loses enough hard drives to require service? Just pull it, trash it, plug in a new one.
Given that the units are spread out further than servers in a datacenter, you probably want that anyways. Your service teams don't want to coordinate access to the device, drive there and the homeowner does not show up for something as mundane as an HDD swap.
Likely extreme mirroring + no keys actually kept on the unit. They just store N byte chunks of data which a master somewhere fetches and decrypts at its leisure would be the best approach. (with key value pairs stored on that said machine).
Best approach not necessarily being the one that was put into production.
The fastest approach would be to store your key value pairs encrypted on the host device, and do your map/reduce functions locally so you only forward relatively useful data.
I think your suggestion of using a pressure sensor is a great mechanism. Then, as you say, you need to be able to restore the keys (stored offsite) so you can do maintenance.
This is an engineering problem: how secure do you want to be; how many mechanisms do you need to achieve that; does this come in under the cost budget. Your pressure-sensor solution alone is probably good enough for a large number of applications already.
But this is not a research problem: we don't have to solve homomorphic encryption!
Fine, thin, looped resistance wire - if you drill or cut through it, its resistance changes (either to infinite in case of a clean cut, or a couple ohms in case of two or three shorted-together loops).
> Also by using a time sharing OS it's likely you can induce a large network based load externally slowing its IO speed to the level you can open the cabinet, and "close" the cabinet from the sensor's perspective while leaving it opened.
Use a Raspberry Pi together with a UPS-backed fiber modem and a cellular modem backup uplink in case someone cuts the fiber, and the threat is basically neutralized (okay, someone may jam the phone signal, but then again this can be detected by carrier loss).
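The loop-wire sensor and dedicated monitor suggested in the comment above, sketched as an added example (not part of the thread and not Cloud&Heat's code). The nominal resistance, tolerance and timeout values are assumptions; a gap between samples is treated as tampering, so a starved or paused monitor fails secure instead of missing the event.

```python
import secrets

NOMINAL_OHMS = 1000.0  # assumed nominal resistance of the intact wire loop
TOLERANCE = 0.05       # assumed acceptance window of +/-5 %
MAX_SILENCE_S = 0.5    # assumed longest gap between samples before failing secure


class KeyStore:
    """Holds the disk key in a mutable buffer so it can be overwritten."""

    def __init__(self):
        self.key = bytearray(secrets.token_bytes(32))

    def zeroize(self):
        # Overwrites this buffer only; a real unit keeps the key in hardware
        # that can guarantee no other copies exist.
        for i in range(len(self.key)):
            self.key[i] = 0

    @property
    def wiped(self):
        return not any(self.key)


def classify(ohms):
    low = NOMINAL_OHMS * (1 - TOLERANCE)
    high = NOMINAL_OHMS * (1 + TOLERANCE)
    if low <= ohms <= high:
        return "ok"
    if ohms > high:
        return "open"      # clean cut: resistance rises, up to infinity
    if ohms < low:
        return "short"     # loops bridged together: resistance drops
    return "invalid"       # NaN or other unusable reading


def run_monitor(samples, store):
    """samples: iterable of (timestamp_s, ohms). Returns wipe reason or None."""
    last_t = None
    for t, ohms in samples:
        if last_t is not None and t - last_t > MAX_SILENCE_S:
            store.zeroize()
            return "stale"  # monitor was starved or paused: treat as tamper
        state = classify(ohms)
        if state != "ok":
            store.zeroize()
            return state
        last_t = t
    return None
```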
It means that at best, they've reduced the problem to safe cracking. And it's a "safe" that has to have channels for power, data, and hot water/air to go in and out and sits unguarded in the potential attacker's house for as long as they need.
No safe is "uncrackable", they just get rated at how much time/expense it would take a pro to break in and then you don't store anything in it that's more valuable than that.
If I'm a potential customer looking to process my data on these servers, I would want to know what the equivalent rating is.
I think distributed backup (of encrypted files) could be a great use case. But (like the CDN case mentioned elsewhere) this is also more demanding of bandwidth than CPU, which isn't really what you want here if your goal is to produce heat.
Distributed rendering of video content could maybe be a good use case - moderate bandwidth requirements, heavy CPU/GPU utilization, data not overly sensitive.
Distributed backup is actually a good case. It's usually bandwidth taxing in terms of upload speed and most internet connections in Germany are asymmetric in favor of download speed (which would be the right direction if the server is in your home). My connection has 50 Mbit/sec download and only 8 Mbit/sec upload.
> Still, it's more reassuring to think that your data is stored in a remote server farm than in someone’s house.
That depends entirely on your use cases. Making comments like this without mentioning the wide range of trust levels with different use cases is short sighted.
That is my major concern. I live in a fairly new average sized house in Germany with a modern heating system (heating pump) and pay about 1200€/year for heating. If I knew for sure that they exist in 15 years I would really consider it.
Ignoring the technical difficulty of actually using the excess heat for reliably and consistently heating a building, it's hard to believe that the economics of connecting and servicing single cabinets randomly located all over the landscape could work out.
> that the economics of connecting and servicing single cabinets randomly located all over the landscape
I kinda thought the same.
But assuming it can be properly encrypted (hard) what's the difference to swapping in a new server compared to swapping in a new gas bottle? User pays for the initial infrastructure.
Pull the old one out, pop the new one in, 60 seconds, any blue collar worker can do it, if it's set up properly. It would even be automatically checked remotely that it was done 100% correctly.
Once every 3 years? Probably cost $50 a pop? Not necessarily crazy.
Maybe they're hoping that their biggest customers will be office buildings that have space to spare. Each building could house a fair number of servers.
That could make sense, especially if those office buildings have backup generators. As it is, I've lived in a nice neighborhood that every winter had at least one or two power outages lasting at least a day or two.
Very interesting. I bet that will be a big selling point for people considering this hosting service. Seems that it will be harder to put pressure on hundreds of individual residents, than it is to do so to a big centralized datacenter provider company.
Realistically speaking, I suspect that if this does take off (and it is a very cool idea), they won't actually install those things in living rooms due to noise concerns. Those racks are going to be in the basement where the other heating equipment typically is.
So police are going to get a warrant that is limited to the basement room containing the racks. The homeowners will be slightly annoyed and inconvenienced, but they aren't going to put up a fight against the warrant. They'll be more than happy to cooperate with the police.
"Partnering with other companies, Amazon will use waste heat from a data center in a Seattle skyscraper to warm its soaring new Denny Triangle campus across the street."
Helsinki data centre to heat homes
"A mini revolution in eco-friendly computing is taking place in the depths of the 19th-century Orthodox Uspenski Cathedral in downtown Helsinki."
"The Finnish IT company Academica has installed a new 2MW database server centre in an empty second world war bomb shelter meant to protect city officials in the event of a Russian attack. Water warmed while cooling the servers will go on to provide heat for 500 homes or 1,000 flats in a city that often suffers winters of -20C. After the heat is extracted, the water will be recycled back to cool the servers again."
"We install The Device in your house, free of charge. You receive heat. Do not ask about the function of The Device."
"You may hear a human voice coming from inside The Device. Ignore it."
"Some customers report having recurring dreams about The Device, this is normal."
"The Device comes in one colour: Impenetrable Blackness."
"Behold, I will corrupt your seed, and spread dung upon your faces, even the dung of your solemn feasts; and one shall take you away with it."